Auto-Update: 2024-07-31T14:00:17.707211+00:00

CVE-2022/CVE-2022-331xx/CVE-2022-33167.json

@@ -2,13 +2,17 @@
   "id": "CVE-2022-33167",
   "sourceIdentifier": "psirt@us.ibm.com",
   "published": "2024-07-30T17:15:10.020",
-  "lastModified": "2024-07-30T17:15:10.020",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie.  IBM X-Force ID:  228587."
+    },
+    {
+      "lang": "es",
+      "value": "IBM Security Directory Integrator 7.2.0 e IBM Security Verify Directory Integrator 10.0.0 podr\u00edan permitir a un atacante remoto obtener informaci\u00f3n confidencial, causada por el fallo al establecer el indicador HTTPOnly. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad para obtener informaci\u00f3n confidencial de la cookie. ID de IBM X-Force: 228587."
     }
   ],
   "metrics": {

CVE-2023/CVE-2023-262xx/CVE-2023-26288.json

@@ -2,13 +2,17 @@
   "id": "CVE-2023-26288",
   "sourceIdentifier": "psirt@us.ibm.com",
   "published": "2024-07-30T17:15:11.720",
-  "lastModified": "2024-07-30T17:15:11.720",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "IBM Aspera Orchestrator 4.0.1 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system.  IBM X-Force ID:  248477."
+    },
+    {
+      "lang": "es",
+      "value": " IBM Aspera Orchestrator 4.0.1 no invalida la sesi\u00f3n despu\u00e9s de un cambio de contrase\u00f1a que podr\u00eda permitir a un usuario autenticado hacerse pasar por otro usuario en el sistema. ID de IBM X-Force: 248477."
     }
   ],
   "metrics": {

CVE-2023/CVE-2023-262xx/CVE-2023-26289.json

@@ -2,13 +2,17 @@
   "id": "CVE-2023-26289",
   "sourceIdentifier": "psirt@us.ibm.com",
   "published": "2024-07-30T17:15:12.740",
-  "lastModified": "2024-07-30T17:15:12.740",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "IBM Aspera Orchestrator 4.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.  This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.  IBM X-Force ID:  248478."
+    },
+    {
+      "lang": "es",
+      "value": " IBM Aspera Orchestrator 4.0.1 es vulnerable a la inyecci\u00f3n de encabezados HTTP, causada por una validaci\u00f3n incorrecta de la entrada por parte de los encabezados HOST. Esto podr\u00eda permitir a un atacante realizar varios ataques contra el sistema vulnerable, incluidos cross-site scripting, envenenamiento de cach\u00e9 o secuestro de sesi\u00f3n. ID de IBM X-Force: 248478."
     }
   ],
   "metrics": {

CVE-2023/CVE-2023-280xx/CVE-2023-28074.json

@@ -2,8 +2,8 @@
   "id": "CVE-2023-28074",
   "sourceIdentifier": "security_alert@emc.com",
   "published": "2024-07-31T08:15:02.243",
-  "lastModified": "2024-07-31T08:15:02.243",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {

CVE-2023/CVE-2023-339xx/CVE-2023-33976.json

@@ -2,13 +2,17 @@
   "id": "CVE-2023-33976",
   "sourceIdentifier": "security-advisories@github.com",
   "published": "2024-07-30T20:15:03.023",
-  "lastModified": "2024-07-30T20:15:03.023",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "TensorFlow is an end-to-end open source platform for machine learning. `array_ops.upper_bound` causes a segfault when not given a rank 2 tensor. The fix will be included in TensorFlow 2.13 and will also cherrypick this commit on TensorFlow 2.12."
+    },
+    {
+      "lang": "es",
+      "value": " TensorFlow es una plataforma de c\u00f3digo abierto de un extremo a otro para el aprendizaje autom\u00e1tico. `array_ops.upper_bound` provoca un error de segmentaci\u00f3n cuando no se le asigna un tensor de rango 2. La soluci\u00f3n se incluir\u00e1 en TensorFlow 2.13 y tambi\u00e9n seleccionar\u00e1 esta confirmaci\u00f3n en TensorFlow 2.12."
     }
   ],
   "metrics": {

CVE-2023/CVE-2023-380xx/CVE-2023-38001.json

@@ -2,13 +2,17 @@
   "id": "CVE-2023-38001",
   "sourceIdentifier": "psirt@us.ibm.com",
   "published": "2024-07-30T17:15:13.000",
-  "lastModified": "2024-07-30T17:15:13.000",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "IBM Aspera Orchestrator 4.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.  IBM X-Force ID:  260206."
+    },
+    {
+      "lang": "es",
+      "value": "IBM Aspera Orchestrator 4.0.1 es vulnerable a cross-site request forgery, lo que podr\u00eda permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas por un usuario en el que conf\u00eda el sitio web. ID de IBM X-Force: 260206."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-230xx/CVE-2024-23091.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-23091",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2024-07-30T14:15:02.730",
-  "lastModified": "2024-07-30T14:15:02.730",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "Weak password hashing using MD5 in funzioni.php in HotelDruid before 1.32 allows an attacker to obtain plaintext passwords from hash values."
+    },
+    {
+      "lang": "es",
+      "value": " El hash de contrase\u00f1a d\u00e9bil usando MD5 en funzioni.php en HotelDruid anterior a 1.32 permite a un atacante obtener contrase\u00f1as en texto plano a partir de valores hash."
     }
   ],
   "metrics": {},

CVE-2024/CVE-2024-25xx/CVE-2024-2508.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-2508",
   "sourceIdentifier": "security@wordfence.com",
   "published": "2024-07-31T09:15:02.707",
-  "lastModified": "2024-07-31T09:15:02.707",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "The WP Mobile Menu plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_menu_item_icon function in all versions up to, and including, 2.8.4.4. This makes it possible for unauthenticated attackers to add the '_mobmenu_icon' post meta to arbitrary posts with an arbitrary (but sanitized) value. NOTE: Version 2.8.4.4 contains a partial fix for this vulnerability."
+    },
+    {
+      "lang": "es",
+      "value": "El complemento WP Mobile Menu para WordPress es vulnerable a la modificaci\u00f3n no autorizada de datos debido a una verificaci\u00f3n de capacidad faltante en la funci\u00f3n save_menu_item_icon en todas las versiones hasta la 2.8.4.4 incluida. Esto hace posible que atacantes no autenticados agreguen el meta de publicaci\u00f3n '_mobmenu_icon' a publicaciones arbitrarias con un valor arbitrario (pero depurado). NOTA: La versi\u00f3n 2.8.4.4 contiene una correcci\u00f3n parcial para esta vulnerabilidad."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-328xx/CVE-2024-32857.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-32857",
   "sourceIdentifier": "security_alert@emc.com",
   "published": "2024-07-31T09:15:03.297",
-  "lastModified": "2024-07-31T09:15:03.297",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability.  An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege"
+    },
+    {
+      "lang": "es",
+      "value": "Dell Peripheral Manager, versiones anteriores a 1.7.6, contiene una vulnerabilidad de elemento de ruta de b\u00fasqueda no controlada. Un atacante podr\u00eda explotar esta vulnerabilidad mediante la precarga de una DLL maliciosa o la explotaci\u00f3n de enlaces simb\u00f3licos, lo que lleva a la ejecuci\u00f3n de c\u00f3digo arbitrario y la escalada de privilegios."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-365xx/CVE-2024-36572.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-36572",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2024-07-30T20:15:03.630",
-  "lastModified": "2024-07-30T20:15:03.630",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Undergoing Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "Prototype pollution in allpro form-manager 0.7.4 allows attackers to run arbitrary code and cause other impacts via the functions setDefaults, mergeBranch, and Object.setObjectValue."
+    },
+    {
+      "lang": "es",
+      "value": " Prototype pollution en allpro form-manager 0.7.4 permite a los atacantes ejecutar c\u00f3digo arbitrario y causar otros impactos a trav\u00e9s de las funciones setDefaults, mergeBranch y Object.setObjectValue."
     }
   ],
   "metrics": {},

CVE-2024/CVE-2024-371xx/CVE-2024-37127.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-37127",
   "sourceIdentifier": "security_alert@emc.com",
   "published": "2024-07-31T09:15:03.840",
-  "lastModified": "2024-07-31T09:15:03.840",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege"
+    },
+    {
+      "lang": "es",
+      "value": "Dell Peripheral Manager, versiones anteriores a 1.7.6, contiene una vulnerabilidad de elemento de ruta de b\u00fasqueda no controlada. Un atacante podr\u00eda explotar esta vulnerabilidad mediante la precarga de una DLL maliciosa o la explotaci\u00f3n de enlaces simb\u00f3licos, lo que lleva a la ejecuci\u00f3n de c\u00f3digo arbitrario y la escalada de privilegios."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-371xx/CVE-2024-37129.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-37129",
   "sourceIdentifier": "security_alert@emc.com",
   "published": "2024-07-31T09:15:04.290",
-  "lastModified": "2024-07-31T09:15:04.290",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "Dell Inventory Collector, versions prior to 12.3.0.6 contains a Path Traversal vulnerability. A local authenticated malicious user could potentially exploit this vulnerability, leading to arbitrary code execution on the system."
+    },
+    {
+      "lang": "es",
+      "value": "Dell Inventory Collector, versiones anteriores a 12.3.0.6, contiene una vulnerabilidad de Path Traversal. Un usuario malintencionado autenticado local podr\u00eda aprovechar esta vulnerabilidad, lo que provocar\u00eda la ejecuci\u00f3n de c\u00f3digo arbitrario en el sistema."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-371xx/CVE-2024-37142.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-37142",
   "sourceIdentifier": "security_alert@emc.com",
   "published": "2024-07-31T09:15:04.700",
-  "lastModified": "2024-07-31T09:15:04.700",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege"
+    },
+    {
+      "lang": "es",
+      "value": "Dell Peripheral Manager, versiones anteriores a 1.7.6, contiene una vulnerabilidad de elemento de ruta de b\u00fasqueda no controlada. Un atacante podr\u00eda explotar esta vulnerabilidad mediante la precarga de una DLL maliciosa o la explotaci\u00f3n de enlaces simb\u00f3licos, lo que lleva a la ejecuci\u00f3n de c\u00f3digo arbitrario y la escalada de privilegios."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-371xx/CVE-2024-37165.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-37165",
   "sourceIdentifier": "security-advisories@github.com",
   "published": "2024-07-30T15:15:11.617",
-  "lastModified": "2024-07-30T15:15:11.617",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "Discourse is an open source discussion platform. Prior to 3.2.3 and 3.3.0.beta3, improperly sanitized Onebox data could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. This vulnerability is fixed in 3.2.3 and 3.3.0.beta3."
+    },
+    {
+      "lang": "es",
+      "value": " Discourse es una plataforma de discusi\u00f3n de c\u00f3digo abierto. Antes de 3.2.3 y 3.3.0.beta3, los datos de Onebox mal sanitizados pod\u00edan provocar una vulnerabilidad de XSS en algunas situaciones. Esta vulnerabilidad solo afecta a las instancias de Discourse que han deshabilitado la Pol\u00edtica de seguridad de contenido predeterminada. Esta vulnerabilidad se solucion\u00f3 en 3.2.3 y 3.3.0.beta3."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-372xx/CVE-2024-37281.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-37281",
   "sourceIdentifier": "bressers@elastic.co",
   "published": "2024-07-30T22:15:01.923",
-  "lastModified": "2024-07-30T22:15:01.923",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "An issue was discovered in Kibana where a user with Viewer role could cause a Kibana instance to crash by sending a large number of maliciously crafted requests to a specific endpoint."
+    },
+    {
+      "lang": "es",
+      "value": "Se descubri\u00f3 un problema en Kibana donde un usuario con rol de Observador pod\u00eda provocar que una instancia de Kibana fallara al enviar una gran cantidad de solicitudes manipuladas con fines malintencionados a un endpoint espec\u00edfico."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-372xx/CVE-2024-37299.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-37299",
   "sourceIdentifier": "security-advisories@github.com",
   "published": "2024-07-30T15:15:11.857",
-  "lastModified": "2024-07-30T15:15:11.857",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, crafting requests to submit very long tag group names can reduce the availability of a Discourse instance. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5."
+    },
+    {
+      "lang": "es",
+      "value": "Discourse es una plataforma de discusi\u00f3n de c\u00f3digo abierto. Antes de 3.2.5 y 3.3.0.beta5, la manipulaci\u00f3n de solicitudes para enviar nombres de grupos de etiquetas muy largos puede reducir la disponibilidad de una instancia de Discourse. Esta vulnerabilidad se solucion\u00f3 en 3.2.5 y 3.3.0.beta5."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-389xx/CVE-2024-38909.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-38909",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2024-07-30T14:15:02.897",
-  "lastModified": "2024-07-30T14:15:02.897",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "Studio 42 elFinder 2.1.64 is vulnerable to Incorrect Access Control. Copying files with an unauthorized extension between server directories allows an arbitrary attacker to expose secrets, perform RCE, etc."
+    },
+    {
+      "lang": "es",
+      "value": " Studio 42 elFinder 2.1.64 es vulnerable a un control de acceso incorrecto. Copiar archivos con una extensi\u00f3n no autorizada entre directorios de servidores permite a un atacante arbitrario exponer secretos, realizar RCE, etc."
     }
   ],
   "metrics": {},

CVE-2024/CVE-2024-389xx/CVE-2024-38983.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-38983",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2024-07-30T21:15:09.700",
-  "lastModified": "2024-07-30T21:15:09.700",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Undergoing Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "Prototype Pollution in alykoshin mini-deep-assign v0.0.8 allows an attacker to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via the _assign() method at (/lib/index.js:91)"
+    },
+    {
+      "lang": "es",
+      "value": " Prototype Pollution en alykoshin mini-deep-assign v0.0.8 permite a un atacante ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (DoS) y causar otros impactos a trav\u00e9s del m\u00e9todo _assign() en (/lib/index.js:91)"
     }
   ],
   "metrics": {},

CVE-2024/CVE-2024-389xx/CVE-2024-38984.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-38984",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2024-07-30T20:15:03.873",
-  "lastModified": "2024-07-30T20:15:03.873",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Undergoing Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "Prototype Pollution in lukebond json-override 0.2.0 allows attackers to to execute arbitrary code or cause a Denial of Service (DoS) via the __proto__ property."
+    },
+    {
+      "lang": "es",
+      "value": " Prototype Pollution en lukebond json-override 0.2.0 permite a los atacantes ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de la propiedad __proto__."
     }
   ],
   "metrics": {},

CVE-2024/CVE-2024-389xx/CVE-2024-38986.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-38986",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2024-07-30T20:15:03.990",
-  "lastModified": "2024-07-30T20:15:03.990",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Undergoing Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "Prototype Pollution in 75lb deep-merge 1.1.1 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via merge methods of lodash to merge objects."
+    },
+    {
+      "lang": "es",
+      "value": "Prototype Pollution en 75 lb deep-merge 1.1.1 permite a los atacantes ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (DoS) y provocar otros impactos mediante m\u00e9todos de fusi\u00f3n de lodash para fusionar objetos."
     }
   ],
   "metrics": {},

CVE-2024/CVE-2024-390xx/CVE-2024-39010.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-39010",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2024-07-30T20:15:04.103",
-  "lastModified": "2024-07-30T20:15:04.103",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Undergoing Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "chase-moskal snapstate v0.0.9 was discovered to contain a prototype pollution via the function attemptNestedProperty. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties."
+    },
+    {
+      "lang": "es",
+      "value": " Se descubri\u00f3 que Chase-moskal snapstate v0.0.9 conten\u00eda prototype pollution a trav\u00e9s de la funci\u00f3n intentNestedProperty. Esta vulnerabilidad permite a los atacantes ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (DoS) mediante la inyecci\u00f3n de propiedades arbitrarias."
     }
   ],
   "metrics": {},

CVE-2024/CVE-2024-390xx/CVE-2024-39011.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-39011",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2024-07-30T20:15:04.203",
-  "lastModified": "2024-07-30T20:15:04.203",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Undergoing Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via the function mergeObjects."
+    },
+    {
+      "lang": "es",
+      "value": "Prototype Pollution en chargeover redoc v2.0.9-rc.69 permite a los atacantes ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (DoS) y provocar otros impactos a trav\u00e9s de la funci\u00f3n mergeObjects."
     }
   ],
   "metrics": {},

CVE-2024/CVE-2024-390xx/CVE-2024-39012.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-39012",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2024-07-30T20:15:04.307",
-  "lastModified": "2024-07-30T20:15:04.307",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Undergoing Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "ais-ltd strategyen v0.4.0 was discovered to contain a prototype pollution via the function mergeObjects. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties."
+    },
+    {
+      "lang": "es",
+      "value": " Se descubri\u00f3 que ais-ltd Strategyen v0.4.0 contiene un prototype pollution a trav\u00e9s de la funci\u00f3n mergeObjects. Esta vulnerabilidad permite a los atacantes ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (DoS) mediante la inyecci\u00f3n de propiedades arbitrarias."
     }
   ],
   "metrics": {},

CVE-2024/CVE-2024-393xx/CVE-2024-39320.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-39320",
   "sourceIdentifier": "security-advisories@github.com",
   "published": "2024-07-30T15:15:12.180",
-  "lastModified": "2024-07-30T15:15:12.180",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, the vulnerability allows an attacker to inject iframes from any domain, bypassing the intended restrictions enforced by the allowed_iframes setting. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5."
+    },
+    {
+      "lang": "es",
+      "value": " Discourse es una plataforma de discusi\u00f3n de c\u00f3digo abierto. Antes de 3.2.5 y 3.3.0.beta5, la vulnerabilidad permit\u00eda a un atacante inyectar iframes desde cualquier dominio, evitando las restricciones previstas impuestas por la configuraci\u00f3n de Allow_iframes. Esta vulnerabilidad se solucion\u00f3 en 3.2.5 y 3.3.0.beta5."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-393xx/CVE-2024-39379.json

@@ -0,0 +1,56 @@
+{
+  "id": "CVE-2024-39379",
+  "sourceIdentifier": "psirt@adobe.com",
+  "published": "2024-07-31T13:15:10.253",
+  "lastModified": "2024-07-31T13:15:10.253",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Acrobat for Edge versions 126.0.2592.81 and earlier are affected by an out-of-bounds read vulnerability that could lead to arbitrary file system read access. An attacker could exploit this vulnerability to read contents from a location in memory past the buffer boundary, potentially leading to sensitive information disclosure. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@adobe.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 5.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@adobe.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-125"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-39379",
+      "source": "psirt@adobe.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-399xx/CVE-2024-39944.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-39944",
   "sourceIdentifier": "cybersecurity@dahuatech.com",
   "published": "2024-07-31T04:15:02.410",
-  "lastModified": "2024-07-31T04:15:02.410",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A vulnerability has been found in Dahua products.Attackers\ncan send carefully crafted data packets to the interface with vulnerabilities,\ncausing the device to crash."
+    },
+    {
+      "lang": "es",
+      "value": " Se ha encontrado una vulnerabilidad en los productos Dahua. Los atacantes pueden enviar paquetes de datos cuidadosamente manipulados a la interfaz con vulnerabilidades, provocando que el dispositivo falle."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-399xx/CVE-2024-39945.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-39945",
   "sourceIdentifier": "cybersecurity@dahuatech.com",
   "published": "2024-07-31T04:15:03.077",
-  "lastModified": "2024-07-31T04:15:03.077",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A vulnerability has been found in Dahua products.\u00a0\u00a0After\nobtaining the administrator's username and password, the attacker can send a\ncarefully crafted data packet to the interface with vulnerabilities, causing\nthe device to crash."
+    },
+    {
+      "lang": "es",
+      "value": " Se ha encontrado una vulnerabilidad en los productos Dahua.  Despu\u00e9s de obtener el nombre de usuario y la contrase\u00f1a del administrador, el atacante puede enviar un paquete de datos cuidadosamente manipulado a la interfaz con vulnerabilidades, provocando que el dispositivo falle."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-399xx/CVE-2024-39946.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-39946",
   "sourceIdentifier": "cybersecurity@dahuatech.com",
   "published": "2024-07-31T04:15:03.597",
-  "lastModified": "2024-07-31T04:15:03.597",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A vulnerability has been found in Dahua products.After obtaining the administrator's username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing device initialization."
+    },
+    {
+      "lang": "es",
+      "value": " Se ha encontrado una vulnerabilidad en los productos Dahua. Despu\u00e9s de obtener el nombre de usuario y la contrase\u00f1a del administrador, el atacante puede enviar un paquete de datos cuidadosamente manipulado a la interfaz con vulnerabilidades, lo que provoca la inicializaci\u00f3n del dispositivo."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-399xx/CVE-2024-39947.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-39947",
   "sourceIdentifier": "cybersecurity@dahuatech.com",
   "published": "2024-07-31T04:15:04.840",
-  "lastModified": "2024-07-31T04:15:04.840",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A vulnerability has been found in Dahua products.After obtaining the ordinary user's username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing the device to crash."
+    },
+    {
+      "lang": "es",
+      "value": "Se ha encontrado una vulnerabilidad en los productos Dahua. Despu\u00e9s de obtener el nombre de usuario y la contrase\u00f1a del usuario normal, el atacante puede enviar un paquete de datos cuidadosamente manipulado a la interfaz con vulnerabilidades, lo que provoca que el dispositivo falle."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-399xx/CVE-2024-39948.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-39948",
   "sourceIdentifier": "cybersecurity@dahuatech.com",
   "published": "2024-07-31T04:15:05.173",
-  "lastModified": "2024-07-31T04:15:05.173",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A vulnerability has been found in Dahua products.\u00a0Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash."
+    },
+    {
+      "lang": "es",
+      "value": " Se ha encontrado una vulnerabilidad en los productos Dahua. Los atacantes pueden enviar paquetes de datos cuidadosamente manipulados a la interfaz con vulnerabilidades, provocando que el dispositivo falle."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-399xx/CVE-2024-39949.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-39949",
   "sourceIdentifier": "cybersecurity@dahuatech.com",
   "published": "2024-07-31T04:15:05.503",
-  "lastModified": "2024-07-31T04:15:05.503",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A vulnerability has been found in Dahua products.\u00a0Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash."
+    },
+    {
+      "lang": "es",
+      "value": " Se ha encontrado una vulnerabilidad en los productos Dahua. Los atacantes pueden enviar paquetes de datos cuidadosamente manipulados a la interfaz con vulnerabilidades, provocando que el dispositivo falle."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-399xx/CVE-2024-39950.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-39950",
   "sourceIdentifier": "cybersecurity@dahuatech.com",
   "published": "2024-07-31T04:15:05.837",
-  "lastModified": "2024-07-31T04:15:05.837",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities to initiate device initialization."
+    },
+    {
+      "lang": "es",
+      "value": " Se ha encontrado una vulnerabilidad en los productos Dahua. Los atacantes pueden enviar paquetes de datos cuidadosamente manipulados a la interfaz con vulnerabilidades para iniciar la inicializaci\u00f3n del dispositivo."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-39xx/CVE-2024-3930.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-3930",
   "sourceIdentifier": "security@puppet.com",
   "published": "2024-07-30T19:15:10.573",
-  "lastModified": "2024-07-30T19:15:10.573",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "In versions of Akana API Platform prior to 2024.1.0\u00a0a flaw resulting in XML External Entity (XXE) was discovered."
+    },
+    {
+      "lang": "es",
+      "value": " En versiones de Akana API Platform anteriores a 2024.1.0, se descubri\u00f3 un fallo que resultaba en XML External Entity (XXE)."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-411xx/CVE-2024-41109.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-41109",
   "sourceIdentifier": "security-advisories@github.com",
   "published": "2024-07-30T15:15:12.890",
-  "lastModified": "2024-07-30T15:15:12.890",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Navigating to `/admin/index/statistics` with a logged in Pimcore user exposes information about the Pimcore installation, PHP version, MYSQL version, installed bundles and all database tables and their row count in the system.  This vulnerability is fixed in 1.5.2, 1.4.6, and 1.3.10."
+    },
+    {
+      "lang": "es",
+      "value": " El paquete Admin Classic de Pimcore proporciona una interfaz de usuario backend para Pimcore. Navegar a `/admin/index/statistics` con un usuario de Pimcore conectado expone informaci\u00f3n sobre la instalaci\u00f3n de Pimcore, la versi\u00f3n de PHP, la versi\u00f3n de MYSQL, los paquetes instalados y todas las tablas de la base de datos y su recuento de filas en el sistema. Esta vulnerabilidad se solucion\u00f3 en 1.5.2, 1.4.6 y 1.3.10."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-413xx/CVE-2024-41304.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-41304",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2024-07-30T18:15:05.817",
-  "lastModified": "2024-07-30T18:15:05.817",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "An arbitrary file upload vulnerability in the uploadFileAction() function of WonderCMS v3.4.3 allows attackers to execute arbitrary code via a crafted SVG file."
+    },
+    {
+      "lang": "es",
+      "value": " Una vulnerabilidad de carga de archivos arbitrarios en la funci\u00f3n uploadFileAction() de WonderCMS v3.4.3 permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo SVG manipulado."
     }
   ],
   "metrics": {},

CVE-2024/CVE-2024-413xx/CVE-2024-41305.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-41305",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2024-07-30T18:15:05.910",
-  "lastModified": "2024-07-30T18:15:05.910",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Undergoing Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A Server-Side Request Forgery (SSRF) in the Plugins Page of WonderCMS v3.4.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter."
+    },
+    {
+      "lang": "es",
+      "value": " Server-Side Request Forgery (SSRF) en la p\u00e1gina de complementos de WonderCMS v3.4.3 permite a los atacantes forzar a la aplicaci\u00f3n a realizar solicitudes arbitrarias mediante la inyecci\u00f3n de URL manipuladas en el par\u00e1metro pluginThemeUrl."
     }
   ],
   "metrics": {},

CVE-2024/CVE-2024-414xx/CVE-2024-41437.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-41437",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2024-07-30T19:15:10.933",
-  "lastModified": "2024-07-30T19:15:10.933",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A heap buffer overflow in the function cp_unfilter() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file."
+    },
+    {
+      "lang": "es",
+      "value": "Un desbordamiento de b\u00fafer de almacenamiento din\u00e1mico en la funci\u00f3n cp_unfilter() (/vendor/cute_png.h) de hicolor v0.5.0 permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de un archivo PNG manipulado."
     }
   ],
   "metrics": {},

CVE-2024/CVE-2024-414xx/CVE-2024-41438.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-41438",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2024-07-30T19:15:11.027",
-  "lastModified": "2024-07-30T19:15:11.027",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A heap buffer overflow in the function cp_stored() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file."
+    },
+    {
+      "lang": "es",
+      "value": " Un desbordamiento de b\u00fafer de almacenamiento din\u00e1mico en la funci\u00f3n cp_stored() (/vendor/cute_png.h) de hicolor v0.5.0 permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de un archivo PNG manipulado."
     }
   ],
   "metrics": {},

CVE-2024/CVE-2024-414xx/CVE-2024-41439.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-41439",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2024-07-30T19:15:11.123",
-  "lastModified": "2024-07-30T19:15:11.123",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A heap buffer overflow in the function cp_block() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file."
+    },
+    {
+      "lang": "es",
+      "value": " Un desbordamiento de b\u00fafer de almacenamiento din\u00e1mico en la funci\u00f3n cp_block() (/vendor/cute_png.h) de hicolor v0.5.0 permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de un archivo PNG manipulado."
     }
   ],
   "metrics": {},

CVE-2024/CVE-2024-414xx/CVE-2024-41440.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-41440",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2024-07-30T19:15:11.210",
-  "lastModified": "2024-07-30T19:15:11.210",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A heap buffer overflow in the function png_quantize() of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file."
+    },
+    {
+      "lang": "es",
+      "value": " Un desbordamiento de b\u00fafer de almacenamiento din\u00e1mico en la funci\u00f3n png_quantize() de hicolor v0.5.0 permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de un archivo PNG manipulado."
     }
   ],
   "metrics": {},

CVE-2024/CVE-2024-414xx/CVE-2024-41443.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-41443",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2024-07-30T19:15:11.300",
-  "lastModified": "2024-07-30T19:15:11.300",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A stack overflow in the function cp_dynamic() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file."
+    },
+    {
+      "lang": "es",
+      "value": " Un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la funci\u00f3n cp_dynamic() (/vendor/cute_png.h) de hicolor v0.5.0 permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de un archivo PNG manipulado."
     }
   ],
   "metrics": {},

CVE-2024/CVE-2024-416xx/CVE-2024-41610.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-41610",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2024-07-30T20:15:04.713",
-  "lastModified": "2024-07-30T20:15:04.713",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "D-Link DIR-820LW REVB FIRMWARE PATCH 2.03.B01_TC contains hardcoded credentials in the Telnet service, enabling attackers to log in remotely to the Telnet service and perform arbitrary commands."
+    },
+    {
+      "lang": "es",
+      "value": "D-Link DIR-820LW REVB FIRMWARE PATCH 2.03.B01_TC contiene credenciales codificadas en el servicio Telnet, lo que permite a los atacantes iniciar sesi\u00f3n de forma remota en el servicio Telnet y realizar comandos arbitrarios."
     }
   ],
   "metrics": {},

CVE-2024/CVE-2024-416xx/CVE-2024-41611.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-41611",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2024-07-30T20:15:04.810",
-  "lastModified": "2024-07-30T20:15:04.810",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "In D-Link DIR-860L REVA FIRMWARE PATCH 1.10..B04, the Telnet service contains hardcoded credentials, enabling attackers to log in remotely to the Telnet service and perform arbitrary commands."
+    },
+    {
+      "lang": "es",
+      "value": " En D-Link DIR-860L REVA FIRMWARE PATCH 1.10..B04, el servicio Telnet contiene credenciales codificadas, lo que permite a los atacantes iniciar sesi\u00f3n de forma remota en el servicio Telnet y realizar comandos arbitrarios."
     }
   ],
   "metrics": {},

CVE-2024/CVE-2024-418xx/CVE-2024-41802.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-41802",
   "sourceIdentifier": "security-advisories@github.com",
   "published": "2024-07-30T16:15:04.400",
-  "lastModified": "2024-07-30T16:15:04.400",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the API routes inside the CMS responsible for Filtering DataSets. This allows an authenticated user to to obtain and modify arbitrary data from the Xibo database by injecting specially crafted values in to the APIs for importing JSON and importing a Layout containing DataSet data.\nUsers should upgrade to version 3.3.12 or 4.0.14 which fix this issue"
+    },
+    {
+      "lang": "es",
+      "value": " Xibo es un sistema de gesti\u00f3n de contenidos (CMS). Se descubri\u00f3 una vulnerabilidad de inyecci\u00f3n SQL en las rutas API dentro del CMS responsable del filtrado de conjuntos de datos. Esto permite a un usuario autenticado obtener y modificar datos arbitrarios de la base de datos Xibo inyectando valores especialmente manipulados en las API para importar JSON e importar un dise\u00f1o que contenga datos de DataSet. Los usuarios deben actualizar a la versi\u00f3n 3.3.12 o 4.0.14, que soluciona este problema."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-418xx/CVE-2024-41803.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-41803",
   "sourceIdentifier": "security-advisories@github.com",
   "published": "2024-07-30T16:15:04.643",
-  "lastModified": "2024-07-30T16:15:04.643",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the API routes inside the CMS responsible for Filtering DataSets. This allows an authenticated user to to obtain arbitrary data from the Xibo database by injecting specially crafted values in to the API for viewing DataSet data. Users should upgrade to version 3.3.12 or 4.0.14 which fix this issue."
+    },
+    {
+      "lang": "es",
+      "value": "Xibo es un sistema de gesti\u00f3n de contenidos (CMS). Se descubri\u00f3 una vulnerabilidad de inyecci\u00f3n SQL en las rutas API dentro del CMS responsable del filtrado de conjuntos de datos. Esto permite a un usuario autenticado obtener datos arbitrarios de la base de datos Xibo inyectando valores especialmente manipulados en la API para ver los datos del DataSet. Los usuarios deben actualizar a la versi\u00f3n 3.3.12 o 4.0.14, que soluciona este problema."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-418xx/CVE-2024-41804.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-41804",
   "sourceIdentifier": "security-advisories@github.com",
   "published": "2024-07-30T16:15:04.873",
-  "lastModified": "2024-07-30T16:15:04.873",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the API route inside the CMS responsible for Adding/Editing DataSet Column Formulas. This allows an authenticated user to to obtain and modify arbitrary data from the Xibo database by injecting specially crafted values in to the `formula` parameter. Users should upgrade to version 3.3.12 or 4.0.14 which fix this issue."
+    },
+    {
+      "lang": "es",
+      "value": " Xibo es un sistema de gesti\u00f3n de contenidos (CMS). Se descubri\u00f3 una vulnerabilidad de inyecci\u00f3n SQL en la ruta API dentro del CMS responsable de agregar/editar f\u00f3rmulas de columnas de conjuntos de datos. Esto permite a un usuario autenticado obtener y modificar datos arbitrarios de la base de datos Xibo inyectando valores especialmente manipulados en el par\u00e1metro \"formula\". Los usuarios deben actualizar a la versi\u00f3n 3.3.12 o 4.0.14, que soluciona este problema."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-419xx/CVE-2024-41915.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-41915",
   "sourceIdentifier": "security-alert@hpe.com",
   "published": "2024-07-30T17:15:13.450",
-  "lastModified": "2024-07-30T17:15:13.450",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster."
+    },
+    {
+      "lang": "es",
+      "value": " Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de ClearPass Policy Manager podr\u00eda permitir que un atacante remoto autenticado realice ataques de inyecci\u00f3n SQL contra la instancia de ClearPass Policy Manager. Un atacante podr\u00eda aprovechar esta vulnerabilidad para obtener y modificar informaci\u00f3n confidencial en la base de datos subyacente, lo que podr\u00eda comprometer por completo el cl\u00faster de ClearPass Policy Manager."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-419xx/CVE-2024-41916.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-41916",
   "sourceIdentifier": "security-alert@hpe.com",
   "published": "2024-07-30T17:15:13.667",
-  "lastModified": "2024-07-30T17:15:13.667",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager."
+    },
+    {
+      "lang": "es",
+      "value": "Existe una vulnerabilidad en ClearPass Policy Manager que permite que un atacante con privilegios administrativos acceda a informaci\u00f3n confidencial en formato de texto plano. Un exploit exitoso permite a un atacante recuperar informaci\u00f3n que podr\u00eda usarse para obtener acceso adicional a los servicios de red compatibles con ClearPass Policy Manager."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-419xx/CVE-2024-41943.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-41943",
   "sourceIdentifier": "security-advisories@github.com",
   "published": "2024-07-30T18:15:06.037",
-  "lastModified": "2024-07-30T18:15:06.037",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "I, Librarian is an open-source version of a PDF managing SaaS. PDF notes are displayed on the Item Summary page without any form of validation or sanitation. An attacker can exploit this vulnerability by inserting a payload in the PDF notes that contains malicious code or script. This code will then be executed when the page is loaded in the browser. The vulnerability was fixed in version 5.11.1."
+    },
+    {
+      "lang": "es",
+      "value": " I, Librarian es una versi\u00f3n de c\u00f3digo abierto de un PDF que administra SaaS. Las notas en PDF se muestran en la p\u00e1gina Summary del art\u00edculo sin ning\u00fan tipo de validaci\u00f3n o saneamiento. Un atacante puede aprovechar esta vulnerabilidad insertando un payload en las notas PDF que contiene c\u00f3digo o script malicioso. Este c\u00f3digo se ejecutar\u00e1 cuando la p\u00e1gina se cargue en el navegador. La vulnerabilidad se solucion\u00f3 en la versi\u00f3n 5.11.1."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-419xx/CVE-2024-41944.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-41944",
   "sourceIdentifier": "security-advisories@github.com",
   "published": "2024-07-30T17:15:13.853",
-  "lastModified": "2024-07-30T17:15:13.853",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the `report/data/proofofplayReport` API route inside the CMS. This allows an authenticated user to to obtain and modify arbitrary data from the Xibo database by injecting specially crafted values in to the `sortBy` parameter. Users should upgrade to version 3.3.12 or 4.0.14 which fix this issue."
+    },
+    {
+      "lang": "es",
+      "value": " Xibo es un sistema de gesti\u00f3n de contenidos (CMS). Se descubri\u00f3 una vulnerabilidad de inyecci\u00f3n SQL en la ruta API `report/data/proofofplayReport` dentro del CMS. Esto permite a un usuario autenticado obtener y modificar datos arbitrarios de la base de datos Xibo inyectando valores especialmente dise\u00f1ados en el par\u00e1metro \"sortBy\". Los usuarios deben actualizar a la versi\u00f3n 3.3.12 o 4.0.14, que soluciona este problema."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-419xx/CVE-2024-41945.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-41945",
   "sourceIdentifier": "security-advisories@github.com",
   "published": "2024-07-30T20:15:04.930",
-  "lastModified": "2024-07-30T20:15:04.930",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "fuels-ts is a library for interacting with Fuel v2.  The typescript SDK has no awareness of to-be-spent transactions causing some transactions to fail or silently get pruned as they are funded with already used UTXOs. The problem occurs, because the `fund` function in `fuels-ts/packages/account/src/account.ts` gets the needed ressources statelessly with the function `getResourcesToSpend` without taking into consideration already used UTXOs. This issue will lead to unexpected SDK behaviour, such as a transaction not getting included in the `txpool` / in a block or a previous transaction silently getting removed from the `txpool` and replaced with a new one."
+    },
+    {
+      "lang": "es",
+      "value": "fuels-ts es una librer\u00eda para interactuar con Fuel v2. El SDK mecanografiado no tiene conocimiento de las transacciones que se van a gastar, lo que hace que algunas transacciones fallen o se eliminen silenciosamente, ya que se financian con UTXO ya usados. El problema ocurre porque la funci\u00f3n `fund` en `fuels-ts/packages/account/src/account.ts` obtiene los recursos necesarios sin estado con la funci\u00f3n `getResourcesToSpend` sin tener en cuenta los UTXO ya utilizados. Este problema provocar\u00e1 un comportamiento inesperado del SDK, como que una transacci\u00f3n no se incluya en `txpool`/en un bloque o que una transacci\u00f3n anterior se elimine silenciosamente de `txpool` y se reemplace por una nueva."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-41xx/CVE-2024-4188.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-4188",
   "sourceIdentifier": "security@opentext.com",
   "published": "2024-07-30T15:15:13.253",
-  "lastModified": "2024-07-30T15:15:13.253",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "Unprotected Transport of Credentials vulnerability in OpenText\u2122 Documentum\u2122 Server could allow Credential Stuffing.This issue affects Documentum\u2122 Server: from 16.7 through 23.4."
+    },
+    {
+      "lang": "es",
+      "value": "La vulnerabilidad de transporte de credenciales desprotegido en OpenText\u2122 Documentum\u2122 Server podr\u00eda permitir Credential Stuffing. Este problema afecta a Documentum\u2122 Server: desde la versi\u00f3n 16.7 hasta la 23.4."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-423xx/CVE-2024-42381.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-42381",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2024-07-31T06:15:02.130",
-  "lastModified": "2024-07-31T06:15:02.130",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "os/linux/elf.rb in Homebrew brew before 4.2.20 uses ldd to load ELF files obtained from untrusted sources, which allows attackers to achieve code execution via an ELF file with a custom .interp section. NOTE: this code execution would occur during an un-sandboxed binary relocation phase, which occurs before a user would expect execution of downloaded package content. (237d1e783f7ee261beaba7d3f6bde22da7148b0a was the tested vulnerable version.)"
+    },
+    {
+      "lang": "es",
+      "value": " os/linux/elf.rb en Homebrew Brew anterior a 4.2.20 usa ldd para cargar archivos ELF obtenidos de fuentes no confiables, lo que permite a los atacantes lograr la ejecuci\u00f3n de c\u00f3digo a trav\u00e9s de un archivo ELF con una secci\u00f3n .interp personalizada. NOTA: la ejecuci\u00f3n de este c\u00f3digo ocurrir\u00eda durante una fase de reubicaci\u00f3n binaria sin espacio aislado, que ocurre antes de que un usuario espere la ejecuci\u00f3n del contenido del paquete descargado. (237d1e783f7ee261beaba7d3f6bde22da7148b0a fue la versi\u00f3n vulnerable probada)."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-52xx/CVE-2024-5249.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-5249",
   "sourceIdentifier": "security@puppet.com",
   "published": "2024-07-30T19:15:11.400",
-  "lastModified": "2024-07-30T19:15:11.400",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed."
+    },
+    {
+      "lang": "es",
+      "value": "En versiones de Akana API Platform anteriores a 2024.1.0, los tokens SAML se pueden reproducir."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-52xx/CVE-2024-5250.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-5250",
   "sourceIdentifier": "security@puppet.com",
   "published": "2024-07-30T19:15:11.613",
-  "lastModified": "2024-07-30T19:15:11.613",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "In versions of Akana API Platform prior to 2024.1.0 overly verbose errors can be found in SAML integrations"
+    },
+    {
+      "lang": "es",
+      "value": " En versiones de Akana API Platform anteriores a 2024.1.0, se pueden encontrar errores demasiado detallados en las integraciones SAML"
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-54xx/CVE-2024-5486.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-5486",
   "sourceIdentifier": "security-alert@hpe.com",
   "published": "2024-07-30T17:15:14.120",
-  "lastModified": "2024-07-30T17:15:14.120",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager"
+    },
+    {
+      "lang": "es",
+      "value": " Existe una vulnerabilidad en ClearPass Policy Manager que permite que un atacante con privilegios administrativos acceda a informaci\u00f3n confidencial en formato de texto plano. Un exploit exitoso permite a un atacante recuperar informaci\u00f3n que podr\u00eda usarse para potencialmente obtener mayor acceso a los servicios de red compatibles con ClearPass Policy Manager."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-59xx/CVE-2024-5901.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-5901",
   "sourceIdentifier": "security@wordfence.com",
   "published": "2024-07-30T21:15:09.863",
-  "lastModified": "2024-07-30T21:15:09.863",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid widget in all versions up to, and including, 1.62.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    },
+    {
+      "lang": "es",
+      "value": "El complemento SiteOrigin Widgets Bundle para WordPress es vulnerable a Cross Site Scripting almacenado a trav\u00e9s del widget Image Grid en todas las versiones hasta la 1.62.2 incluida debido a una sanitizaci\u00f3n de entrada  y a un escape de salida insuficientes en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-61xx/CVE-2024-6165.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-6165",
   "sourceIdentifier": "contact@wpscan.com",
   "published": "2024-07-31T06:15:03.373",
-  "lastModified": "2024-07-31T06:15:03.373",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "The WANotifier  WordPress plugin before 2.6.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
+    },
+    {
+      "lang": "es",
+      "value": " El complemento WANotifier de WordPress anterior a 2.6.1 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross Site Scripting almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)."
     }
   ],
   "metrics": {},

CVE-2024/CVE-2024-62xx/CVE-2024-6208.json

@@ -0,0 +1,68 @@
+{
+  "id": "CVE-2024-6208",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-07-31T13:15:10.600",
+  "lastModified": "2024-07-31T13:15:10.600",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm_all_packages' shortcode in all versions up to, and including, 3.2.97 due to insufficient input sanitization and output escaping on the 'cols' parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/Package/views/all-packages-shortcode.php?rev=3097323#L10",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/Package/views/all-packages-shortcode.php?rev=3097323#L302",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3126662/",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7c67d2f8-d918-42ef-a301-27eed7fa41b2?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-62xx/CVE-2024-6255.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-6255",
   "sourceIdentifier": "security@huntr.dev",
   "published": "2024-07-31T01:15:09.847",
-  "lastModified": "2024-07-31T01:15:09.847",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A vulnerability in the JSON file handling of gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to delete any JSON file on the server, including critical configuration files such as `config.json` and `ds_config_chatbot.json`. This issue arises due to improper validation of file paths, enabling directory traversal attacks. An attacker can exploit this vulnerability to disrupt the functioning of the system, manipulate settings, or potentially cause data loss or corruption."
+    },
+    {
+      "lang": "es",
+      "value": " Una vulnerabilidad en el manejo de archivos JSON de gaizhenbiao/chuanhuchatgpt versi\u00f3n 20240410 permite a cualquier usuario eliminar cualquier archivo JSON en el servidor, incluidos archivos de configuraci\u00f3n cr\u00edticos como `config.json` y `ds_config_chatbot.json`. Este problema surge debido a una validaci\u00f3n inadecuada de las rutas de los archivos, lo que permite ataques de cruce de directorios. Un atacante puede aprovechar esta vulnerabilidad para interrumpir el funcionamiento del sistema, manipular la configuraci\u00f3n o provocar potencialmente la p\u00e9rdida o corrupci\u00f3n de datos."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-62xx/CVE-2024-6272.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-6272",
   "sourceIdentifier": "contact@wpscan.com",
   "published": "2024-07-31T06:15:03.637",
-  "lastModified": "2024-07-31T06:15:03.637",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "The SpiderContacts WordPress plugin through 1.1.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
+    },
+    {
+      "lang": "es",
+      "value": " El complemento SpiderContacts de WordPress hasta la versi\u00f3n 1.1.7 no sanitiza ni escapa un par\u00e1metro antes de devolverlo a la p\u00e1gina, lo que genera Cross-Site Scripting reflejado que podr\u00eda usarse contra usuarios con altos privilegios, como el administrador."
     }
   ],
   "metrics": {},

CVE-2024/CVE-2024-64xx/CVE-2024-6408.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-6408",
   "sourceIdentifier": "contact@wpscan.com",
   "published": "2024-07-31T06:15:03.913",
-  "lastModified": "2024-07-31T06:15:03.913",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "The Slider by 10Web  WordPress plugin before 1.2.57 does not sanitise and escape its Slider Title, which could allow high privilege users such as editors and above to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed"
+    },
+    {
+      "lang": "es",
+      "value": " El complemento Slider by 10Web WordPress anterior a 1.2.57 no sanitiza ni escapa a su t\u00edtulo de control deslizante, lo que podr\u00eda permitir a usuarios con altos privilegios, como editores y superiores, realizar ataques de cross site scripting incluso cuando unfiltered_html no est\u00e1 permitido."
     }
   ],
   "metrics": {},

CVE-2024/CVE-2024-64xx/CVE-2024-6412.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-6412",
   "sourceIdentifier": "contact@wpscan.com",
   "published": "2024-07-31T06:15:04.083",
-  "lastModified": "2024-07-31T06:15:04.083",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "The HTML Forms  WordPress plugin before 1.3.34 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks"
+    },
+    {
+      "lang": "es",
+      "value": "El complemento HTML Forms de WordPress anterior a la versi\u00f3n 1.3.34 no tiene comprobaciones CSRF en algunos lugares, lo que podr\u00eda permitir a los atacantes hacer que los usuarios que han iniciado sesi\u00f3n realicen acciones no deseadas a trav\u00e9s de ataques CSRF."
     }
   ],
   "metrics": {},

CVE-2024/CVE-2024-66xx/CVE-2024-6695.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-6695",
   "sourceIdentifier": "contact@wpscan.com",
   "published": "2024-07-31T06:15:04.237",
-  "lastModified": "2024-07-31T06:15:04.237",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "it's possible for an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions. This is due to improper logic flow on the user registration process."
+    },
+    {
+      "lang": "es",
+      "value": " Es posible que un atacante obtenga acceso administrativo sin tener ning\u00fan tipo de cuenta en el sitio objetivo y realice acciones no autorizadas. Esto se debe a un flujo l\u00f3gico inadecuado en el proceso de registro de usuarios."
     }
   ],
   "metrics": {},

CVE-2024/CVE-2024-67xx/CVE-2024-6725.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-6725",
   "sourceIdentifier": "security@wordfence.com",
   "published": "2024-07-31T11:15:10.747",
-  "lastModified": "2024-07-31T11:15:10.747",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "The Formidable Forms \u2013 Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018html\u2019 parameter in all versions up to, and including, 6.11.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with form editing permissions and Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    },
+    {
+      "lang": "es",
+      "value": "El complemento Formidable Forms \u2013 Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del par\u00e1metro \u2018html\u2019 en todas las versiones hasta la 6.11.1 incluida, debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes autenticados, con permisos de edici\u00f3n de formularios y acceso de nivel de suscriptor y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-67xx/CVE-2024-6770.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-6770",
   "sourceIdentifier": "security@wordfence.com",
   "published": "2024-07-31T06:15:04.407",
-  "lastModified": "2024-07-31T06:15:04.407",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "The Lifetime free Drag & Drop Contact Form Builder for WordPress VForm plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    },
+    {
+      "lang": "es",
+      "value": " El complemento Lifetime free Drag & Drop Contact Form Builder para WordPress VForm para WordPress es vulnerable a Cross Site Scripting almacenado en todas las versiones hasta la 2.1.5 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes no autenticados inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-69xx/CVE-2024-6980.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-6980",
   "sourceIdentifier": "cve-requests@bitdefender.com",
   "published": "2024-07-31T07:15:02.053",
-  "lastModified": "2024-07-31T07:15:02.053",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A verbose error handling issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery.\u00a0This issue only affects GravityZone Console versions before 6.38.1-5\u00a0running only on premise."
+    },
+    {
+      "lang": "es",
+      "value": " Un problema detallado de manejo de errores en el servicio proxy implementado en GravityZone Update Server permite a un atacante provocar server-side request forgery. Este problema solo afecta a las versiones de GravityZone Console anteriores a 6.38.1-5 que se ejecutan solo en las instalaciones."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-71xx/CVE-2024-7135.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-7135",
   "sourceIdentifier": "security@wordfence.com",
   "published": "2024-07-31T11:15:11.010",
-  "lastModified": "2024-07-31T11:15:11.010",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "The Tainacan plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_file' function in all versions up to, and including, 0.21.7. The function is also vulnerable to directory traversal. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information."
+    },
+    {
+      "lang": "es",
+      "value": "El complemento Tainacan para WordPress es vulnerable al acceso no autorizado a los datos debido a una verificaci\u00f3n de capacidad faltante en la funci\u00f3n 'get_file' en todas las versiones hasta la 0.21.7 incluida. La funci\u00f3n tambi\u00e9n es vulnerable a directory traversal. Esto hace posible que atacantes autenticados, con acceso de nivel de suscriptor y superior, lean el contenido de archivos arbitrarios en el servidor, que pueden contener informaci\u00f3n confidencial."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-72xx/CVE-2024-7205.json

@@ -2,8 +2,8 @@
   "id": "CVE-2024-7205",
   "sourceIdentifier": "68870bb1-d075-4169-957d-e580b18692b9",
   "published": "2024-07-31T06:15:05.327",
-  "lastModified": "2024-07-31T06:15:05.327",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [
     {
       "sourceIdentifier": "68870bb1-d075-4169-957d-e580b18692b9",
@@ -16,6 +16,10 @@
     {
       "lang": "en",
       "value": "When the device is shared,\u00a0the homepage module are before 2.19.0 \u00a0in eWeLink Cloud Service\u00a0allows Secondary user to take over devices as primary user via sharing unnecessary device-sensitive information."
+    },
+    {
+      "lang": "es",
+      "value": "Cuando se comparte el dispositivo, el m\u00f3dulo de la p\u00e1gina de inicio es anterior a 2.19.0 en eWeLink Cloud Service y permite al usuario secundario asumir el control de los dispositivos como usuario principal compartiendo informaci\u00f3n confidencial innecesaria del dispositivo."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-72xx/CVE-2024-7208.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-7208",
   "sourceIdentifier": "cret@cert.org",
   "published": "2024-07-30T17:15:14.360",
-  "lastModified": "2024-07-30T17:15:14.360",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "Hosted services do not verify the sender of an email against authenticated users, allowing an attacker to spoof the identify of another user's email address."
+    },
+    {
+      "lang": "es",
+      "value": "Los servicios alojados no verifican el remitente de un correo electr\u00f3nico con usuarios autenticados, lo que permite a un atacante falsificar la identidad de la direcci\u00f3n de correo electr\u00f3nico de otro usuario."
     }
   ],
   "metrics": {},

CVE-2024/CVE-2024-72xx/CVE-2024-7209.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-7209",
   "sourceIdentifier": "cret@cert.org",
   "published": "2024-07-30T17:15:14.450",
-  "lastModified": "2024-07-30T17:15:14.450",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A vulnerability exists in the use of shared SPF records in multi-tenant hosting providers, allowing attackers to use network authorization to be abused to spoof the email identify of the sender."
+    },
+    {
+      "lang": "es",
+      "value": " Existe una vulnerabilidad en el uso de registros SPF compartidos en proveedores de alojamiento multiinquilino, lo que permite a los atacantes utilizar la autorizaci\u00f3n de red para falsificar la identificaci\u00f3n del correo electr\u00f3nico del remitente."
     }
   ],
   "metrics": {},

CVE-2024/CVE-2024-72xx/CVE-2024-7264.json

@@ -2,8 +2,8 @@
   "id": "CVE-2024-7264",
   "sourceIdentifier": "2499f714-1537-4658-8207-48ae4bb9eae9",
   "published": "2024-07-31T08:15:02.657",
-  "lastModified": "2024-07-31T10:15:02.393",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {

CVE-2024/CVE-2024-72xx/CVE-2024-7273.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-7273",
   "sourceIdentifier": "cna@vuldb.com",
   "published": "2024-07-30T21:15:10.110",
-  "lastModified": "2024-07-30T21:15:10.110",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A vulnerability classified as critical was found in itsourcecode Alton Management System 1.0. This vulnerability affects unknown code of the file search.php. The manipulation of the argument rcode leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273142 is the identifier assigned to this vulnerability."
+    },
+    {
+      "lang": "es",
+      "value": " Una vulnerabilidad fue encontrada en itsourcecode Alton Management System 1.0 y clasificada como cr\u00edtica. Esta vulnerabilidad afecta a un c\u00f3digo desconocido del archivo search.php. La manipulaci\u00f3n del argumento rcode conduce a la inyecci\u00f3n de SQL. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-273142 es el identificador asignado a esta vulnerabilidad."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-72xx/CVE-2024-7274.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-7274",
   "sourceIdentifier": "cna@vuldb.com",
   "published": "2024-07-30T22:15:02.500",
-  "lastModified": "2024-07-30T22:15:02.500",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A vulnerability, which was classified as critical, has been found in itsourcecode Alton Management System 1.0. This issue affects some unknown processing of the file /reservation_status.php. The manipulation of the argument rcode leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273143."
+    },
+    {
+      "lang": "es",
+      "value": " Una vulnerabilidad fue encontrada en itsourcecode Alton Management System 1.0  y clasificada como cr\u00edtica. Este problema afecta un procesamiento desconocido del archivo /reservation_status.php. La manipulaci\u00f3n del argumento rcode conduce a la inyecci\u00f3n de SQL. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-273143."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-72xx/CVE-2024-7275.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-7275",
   "sourceIdentifier": "cna@vuldb.com",
   "published": "2024-07-30T23:15:03.280",
-  "lastModified": "2024-07-30T23:15:03.280",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A vulnerability, which was classified as critical, was found in itsourcecode Alton Management System 1.0. Affected is an unknown function of the file /admin/category_save.php. The manipulation of the argument category leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273144."
+    },
+    {
+      "lang": "es",
+      "value": "Una vulnerabilidad fue encontrada en itsourcecode Alton Management System 1.0  y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /admin/category_save.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento category conduce a la inyecci\u00f3n de SQL. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-273144."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-72xx/CVE-2024-7276.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-7276",
   "sourceIdentifier": "cna@vuldb.com",
   "published": "2024-07-30T23:15:03.573",
-  "lastModified": "2024-07-30T23:15:03.573",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A vulnerability has been found in itsourcecode Alton Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/member_save.php. The manipulation of the argument last/first leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273145 was assigned to this vulnerability."
+    },
+    {
+      "lang": "es",
+      "value": " Una vulnerabilidad ha sido encontrada en itsourcecode Alton Management System 1.0 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /admin/member_save.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento last/first conduce a la inyecci\u00f3n SQL. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-273145."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-72xx/CVE-2024-7277.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-7277",
   "sourceIdentifier": "cna@vuldb.com",
   "published": "2024-07-31T00:15:01.730",
-  "lastModified": "2024-07-31T00:15:01.730",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A vulnerability was found in itsourcecode Alton Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/menu.php of the component Add a Menu. The manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273146 is the identifier assigned to this vulnerability."
+    },
+    {
+      "lang": "es",
+      "value": "Una vulnerabilidad fue encontrada en itsourcecode Alton Management System 1.0 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /admin/menu.php del componente Add a Menu es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento image conduce a una carga sin restricciones. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-273146 es el identificador asignado a esta vulnerabilidad."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-72xx/CVE-2024-7278.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-7278",
   "sourceIdentifier": "cna@vuldb.com",
   "published": "2024-07-31T01:15:10.130",
-  "lastModified": "2024-07-31T01:15:10.130",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A vulnerability was found in itsourcecode Alton Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/team_save.php. The manipulation of the argument team leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273147."
+    },
+    {
+      "lang": "es",
+      "value": "Se encontr\u00f3 una vulnerabilidad itsourcecode Alton Management System 1.0. Ha sido clasificada como cr\u00edtica. Esto afecta a una parte desconocida del archivo /admin/team_save.php. La manipulaci\u00f3n del argumento team conduce a la inyecci\u00f3n de SQL. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-273147."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-72xx/CVE-2024-7279.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-7279",
   "sourceIdentifier": "cna@vuldb.com",
   "published": "2024-07-31T01:15:10.410",
-  "lastModified": "2024-07-31T01:15:10.410",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A vulnerability was found in SourceCodester Lot Reservation Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/ajax.php?action=login. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273148."
+    },
+    {
+      "lang": "es",
+      "value": " Se encontr\u00f3 una vulnerabilidad en SourceCodester Lot Reservation Management System 1.0. Ha sido declarada cr\u00edtica. Esta vulnerabilidad afecta a c\u00f3digo desconocido del archivo /admin/ajax.php?action=login. La manipulaci\u00f3n del argumento username conduce a la inyecci\u00f3n de SQL. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-273148."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-72xx/CVE-2024-7280.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-7280",
   "sourceIdentifier": "cna@vuldb.com",
   "published": "2024-07-31T01:15:10.687",
-  "lastModified": "2024-07-31T01:15:10.687",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A vulnerability was found in SourceCodester Lot Reservation Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/view_reserved.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273149 was assigned to this vulnerability."
+    },
+    {
+      "lang": "es",
+      "value": "Se encontr\u00f3 una vulnerabilidad en SourceCodester Lot Reservation Management System 1.0. Ha sido calificada como cr\u00edtica. Este problema afecta un procesamiento desconocido del archivo /admin/view_reserved.php. La manipulaci\u00f3n del argumento id conduce a la inyecci\u00f3n de SQL. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-273149."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-72xx/CVE-2024-7281.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-7281",
   "sourceIdentifier": "cna@vuldb.com",
   "published": "2024-07-31T02:15:02.003",
-  "lastModified": "2024-07-31T02:15:02.003",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A vulnerability classified as critical has been found in SourceCodester Lot Reservation Management System 1.0. Affected is an unknown function of the file /admin/index.php?page=manage_lot. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-273150 is the identifier assigned to this vulnerability."
+    },
+    {
+      "lang": "es",
+      "value": " Una vulnerabilidad ha sido encontrada en SourceCodester Lot Reservation Management System 1.0 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /admin/index.php?page=manage_lot es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento id conduce a la inyecci\u00f3n de SQL. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-273150 es el identificador asignado a esta vulnerabilidad."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-72xx/CVE-2024-7282.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-7282",
   "sourceIdentifier": "cna@vuldb.com",
   "published": "2024-07-31T02:15:02.383",
-  "lastModified": "2024-07-31T02:15:02.383",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A vulnerability classified as critical was found in SourceCodester Lot Reservation Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/manage_model.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273151."
+    },
+    {
+      "lang": "es",
+      "value": "Una vulnerabilidad fue encontrada en SourceCodester Lot Reservation Management System 1.0 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /admin/manage_model.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento id conduce a la inyecci\u00f3n de SQL. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-273151."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-72xx/CVE-2024-7283.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-7283",
   "sourceIdentifier": "cna@vuldb.com",
   "published": "2024-07-31T03:15:01.717",
-  "lastModified": "2024-07-31T03:15:01.717",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A vulnerability, which was classified as critical, has been found in SourceCodester Lot Reservation Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273152."
+    },
+    {
+      "lang": "es",
+      "value": " Una vulnerabilidad fue encontrada en SourceCodester Lot Reservation Management System 1.0 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /admin/manage_user.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento id conduce a la inyecci\u00f3n de SQL. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-273152."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-72xx/CVE-2024-7284.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-7284",
   "sourceIdentifier": "cna@vuldb.com",
   "published": "2024-07-31T03:15:02.077",
-  "lastModified": "2024-07-31T03:15:02.077",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A vulnerability, which was classified as problematic, was found in SourceCodester Lot Reservation Management System 1.0. This affects an unknown part of the file /admin/ajax.php?action=save_settings. The manipulation of the argument about leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273153 was assigned to this vulnerability."
+    },
+    {
+      "lang": "es",
+      "value": "Una vulnerabilidad fue encontrada en SourceCodester Lot Reservation Management System 1.0 y clasificada como problem\u00e1tica. Esto afecta a una parte desconocida del archivo /admin/ajax.php?action=save_settings. La manipulaci\u00f3n del argumento about conduce a cross site scripting. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-273153."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-72xx/CVE-2024-7285.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-7285",
   "sourceIdentifier": "cna@vuldb.com",
   "published": "2024-07-31T04:15:06.160",
-  "lastModified": "2024-07-31T04:15:06.160",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A vulnerability has been found in SourceCodester Establishment Billing Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/ajax.php?action=save_settings. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273154 is the identifier assigned to this vulnerability."
+    },
+    {
+      "lang": "es",
+      "value": "Una vulnerabilidad fue encontrada en SourceCodester Establishment Billing Management System 1.0 y clasificada como problem\u00e1tica. Esta vulnerabilidad afecta a c\u00f3digo desconocido del archivo /admin/ajax.php?action=save_settings. La manipulaci\u00f3n del argumento name conduce a cross site scripting. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-273154 es el identificador asignado a esta vulnerabilidad."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-72xx/CVE-2024-7286.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-7286",
   "sourceIdentifier": "cna@vuldb.com",
   "published": "2024-07-31T04:15:06.837",
-  "lastModified": "2024-07-31T04:15:06.837",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A vulnerability was found in SourceCodester Establishment Billing Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/ajax.php?action=login of the component Login. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273155."
+    },
+    {
+      "lang": "es",
+      "value": " Una vulnerabilidad fue encontrada en SourceCodester Establishment Billing Management System 1.0 y clasificada como cr\u00edtica. Este problema afecta un procesamiento desconocido del archivo /admin/ajax.php?action=login del componente Login. La manipulaci\u00f3n del argumento username conduce a la inyecci\u00f3n de SQL. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-273155."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-72xx/CVE-2024-7287.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-7287",
   "sourceIdentifier": "cna@vuldb.com",
   "published": "2024-07-31T05:15:09.907",
-  "lastModified": "2024-07-31T05:15:09.907",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A vulnerability was found in SourceCodester Establishment Billing Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273156."
+    },
+    {
+      "lang": "es",
+      "value": "Se encontr\u00f3 una vulnerabilidad en SourceCodester Establishment Billing Management System 1.0. Ha sido clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /manage_user.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento id conduce a la inyecci\u00f3n de SQL. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-273156."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-72xx/CVE-2024-7288.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-7288",
   "sourceIdentifier": "cna@vuldb.com",
   "published": "2024-07-31T05:15:10.247",
-  "lastModified": "2024-07-31T05:15:10.247",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A vulnerability was found in SourceCodester Establishment Billing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=delete_block. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273157 was assigned to this vulnerability."
+    },
+    {
+      "lang": "es",
+      "value": " Se encontr\u00f3 una vulnerabilidad en SourceCodester Establishment Billing Management System 1.0. Ha sido declarada cr\u00edtica. Una funci\u00f3n desconocida del archivo /ajax.php?action=delete_block es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento id conduce a la inyecci\u00f3n de SQL. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-273157."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-72xx/CVE-2024-7289.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-7289",
   "sourceIdentifier": "cna@vuldb.com",
   "published": "2024-07-31T06:15:06.313",
-  "lastModified": "2024-07-31T06:15:06.313",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A vulnerability was found in SourceCodester Establishment Billing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /manage_payment.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273158 is the identifier assigned to this vulnerability."
+    },
+    {
+      "lang": "es",
+      "value": " Se encontr\u00f3 una vulnerabilidad en SourceCodester Establishment Billing Management System 1.0. Ha sido calificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /manage_paid.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento id conduce a la inyecci\u00f3n de SQL. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-273158 es el identificador asignado a esta vulnerabilidad."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-72xx/CVE-2024-7290.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-7290",
   "sourceIdentifier": "cna@vuldb.com",
   "published": "2024-07-31T06:15:07.533",
-  "lastModified": "2024-07-31T06:15:07.533",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A vulnerability classified as critical has been found in SourceCodester Establishment Billing Management System 1.0. This affects an unknown part of the file /manage_tenant.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273159."
+    },
+    {
+      "lang": "es",
+      "value": "Una vulnerabilidad ha sido encontrada en SourceCodester Establishment Billing Management System 1.0 y clasificada como cr\u00edtica. Esto afecta a una parte desconocida del archivo /manage_tenant.php. La manipulaci\u00f3n del argumento id conduce a la inyecci\u00f3n de SQL. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-273159."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-72xx/CVE-2024-7297.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-7297",
   "sourceIdentifier": "vulnreport@tenable.com",
   "published": "2024-07-30T17:15:14.513",
-  "lastModified": "2024-07-30T17:15:14.513",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "Langflow versions prior to 1.0.13 suffer from a Privilege Escalation vulnerability, allowing a remote and low privileged attacker to gain super admin privileges by performing a mass assignment request on the '/api/v1/users' endpoint."
+    },
+    {
+      "lang": "es",
+      "value": " Las versiones de Langflow anteriores a la 1.0.13 sufren de una vulnerabilidad de escalada de privilegios, lo que permite a un atacante remoto y con pocos privilegios obtener privilegios de superadministrador al realizar una solicitud de asignaci\u00f3n masiva en el endpoint '/api/v1/users'."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-72xx/CVE-2024-7299.json

@@ -2,8 +2,8 @@
   "id": "CVE-2024-7299",
   "sourceIdentifier": "cna@vuldb.com",
   "published": "2024-07-31T07:15:02.377",
-  "lastModified": "2024-07-31T07:15:02.377",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [
     {
       "sourceIdentifier": "cna@vuldb.com",
@@ -16,6 +16,10 @@
     {
       "lang": "en",
       "value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Bolt CMS 3.7.1. It has been rated as problematic. This issue affects some unknown processing of the file /preview/page of the component Entry Preview Handler. The manipulation of the argument body leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273167. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life."
+    },
+    {
+      "lang": "es",
+      "value": "** NO SOPORTADO CUANDO SE ASIGN\u00d3 ** Se encontr\u00f3 una vulnerabilidad en Bolt CMS 3.7.1. Ha sido calificada como problem\u00e1tica. Este problema afecta un procesamiento desconocido del archivo /preview/page del componente Entry Preview Handler. La manipulaci\u00f3n del argumento body conduce a cross site scripting. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-273167. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el mantenedor. NOTA: Se contact\u00f3 al proveedor tempranamente y se confirm\u00f3 que el \u00e1rbol de lanzamiento afectado ha llegado al final de su vida \u00fatil."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-73xx/CVE-2024-7300.json

@@ -2,8 +2,8 @@
   "id": "CVE-2024-7300",
   "sourceIdentifier": "cna@vuldb.com",
   "published": "2024-07-31T07:15:02.760",
-  "lastModified": "2024-07-31T07:15:02.760",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [
     {
       "sourceIdentifier": "cna@vuldb.com",

CVE-2024/CVE-2024-73xx/CVE-2024-7303.json

@@ -2,8 +2,8 @@
   "id": "CVE-2024-7303",
   "sourceIdentifier": "cna@vuldb.com",
   "published": "2024-07-31T08:15:02.780",
-  "lastModified": "2024-07-31T08:15:02.780",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {

CVE-2024/CVE-2024-73xx/CVE-2024-7306.json

@@ -2,8 +2,8 @@
   "id": "CVE-2024-7306",
   "sourceIdentifier": "cna@vuldb.com",
   "published": "2024-07-31T08:15:03.067",
-  "lastModified": "2024-07-31T08:15:03.067",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {

CVE-2024/CVE-2024-73xx/CVE-2024-7307.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-7307",
   "sourceIdentifier": "cna@vuldb.com",
   "published": "2024-07-31T09:15:05.120",
-  "lastModified": "2024-07-31T09:15:05.120",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A vulnerability has been found in SourceCodester Establishment Billing Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /manage_billing.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273199."
+    },
+    {
+      "lang": "es",
+      "value": "Se ha encontrado una vulnerabilidad en SourceCodester Establishment Billing Management System 1.0 y se ha clasificado como cr\u00edtica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /manage_billing.php. La manipulaci\u00f3n del argumento id conduce a una inyecci\u00f3n SQL. El ataque se puede lanzar de forma remota. El exploit se ha divulgado al p\u00fablico y puede utilizarse. El identificador asociado a esta vulnerabilidad es VDB-273199."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-73xx/CVE-2024-7308.json

@@ -2,8 +2,8 @@
   "id": "CVE-2024-7308",
   "sourceIdentifier": "cna@vuldb.com",
   "published": "2024-07-31T09:15:05.690",
-  "lastModified": "2024-07-31T09:15:05.690",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {

CVE-2024/CVE-2024-73xx/CVE-2024-7309.json

@@ -2,8 +2,8 @@
   "id": "CVE-2024-7309",
   "sourceIdentifier": "cna@vuldb.com",
   "published": "2024-07-31T10:15:02.893",
-  "lastModified": "2024-07-31T10:15:02.893",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {

CVE-2024/CVE-2024-73xx/CVE-2024-7310.json

@@ -2,8 +2,8 @@
   "id": "CVE-2024-7310",
   "sourceIdentifier": "cna@vuldb.com",
   "published": "2024-07-31T10:15:03.550",
-  "lastModified": "2024-07-31T10:15:03.550",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {

CVE-2024/CVE-2024-73xx/CVE-2024-7311.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-7311",
   "sourceIdentifier": "cna@vuldb.com",
   "published": "2024-07-31T11:15:11.233",
-  "lastModified": "2024-07-31T11:15:11.233",
+  "lastModified": "2024-07-31T12:57:02.300",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A vulnerability was found in code-projects Online Bus Reservation Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file register.php. The manipulation of the argument Email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273203."
+    },
+    {
+      "lang": "es",
+      "value": "Se ha encontrado una vulnerabilidad code-projects Online Bus Reservation Site 1.0. Se ha calificado como cr\u00edtica. Este problema afecta a algunos procesos desconocidos del archivo register.php. La manipulaci\u00f3n del argumento Email provoca una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. La vulnerabilidad se ha divulgado al p\u00fablico y puede utilizarse. El identificador asociado a esta vulnerabilidad es VDB-273203."
     }
   ],
   "metrics": {